Assess Your Organisations Risk Maturity in Under an Hour – or Go Deep When You're Ready

A practical Risk Maturity Model built on ISO 31000, ISO/IEC 42001, NIST CSF, C2M2, CMMI and international best practice. Start with a fast snapshot or dive into a full 360° assessment.

Start Basic Assessment (45–60 mins)
Explore Extended Assessment

Designed by exeperienced risk professionals • Used by Boards, CROs & Risk Teams

Healthcare

Ports & Logistics

Mining & Resources

Retail

Public Sector

Financial Services

Technology

Telecommunications

Many more

What Is the Risk Maturity Model and Why Does It Matter?

The Risk Maturity Model is a structured way to understand how well your organisation actually manages risk – beyond having policies on paper.

It assesses governance, people, processes, technology, resilience and AI risk to give you a clear, honest view of where you stand and what to improve next.

Our model uses five maturity levels (Ad hoc → Leading), making it easy to communicate progress with Boards, executives and regulators.

Key questions we help answer:

  • Where are our biggest gaps in risk capability?

  • Are we set up to support strategy, not just compliance?

  • How do we prioritise improvements over the next 12–24 months?

Strategic Risk Maturity Assessment

Drive organisational resilience with our comprehensive assessment frameworks. From rapid insights to deep-dive analysis, choose the path that aligns with your strategic objectives.

Basic Risk Maturity Assessment

A fast, practical snapshot in under an hour.

Best For

  • Small and medium size organisations

  • Executive and Board discussions

  • First-time maturity check

What it covers

  • 10–12 core domains

  • 5-level maturity scale from Ad hoc to Leading

  • Simple, plain-English questions

What you get

  • Overall risk maturity score

  • Domain-by-domain traffic light view

  • Top 5 improvement priorities

  • 1-page summary for executives/board

Start Basic Assessment (Free for a limited time)

Extended Risk Maturity Assessment

15+ domains, 35+ sub-domains, deep dive with a full report.

Best For

  • Larger / more complex organisations

  • Regulated industries

  • Risk transformations, GRC implementations

What it covers

  • 15+ domains and 35+ sub-domains, including comprehensive risk framework analysis

  • Challenges you on no just maturity but also practices on ground

What you get

  • Detailed maturity heatmap across all domains

  • Benchmarking against international standards

  • A prioritised roadmap of initiatives (3, 6, 12 months)

  • Board-ready and audit-ready PDF report

Talk to Us About Extended Assessment

How the Assessment Works

1

Tell Us About Your Organisation

Size, industry, frameworks, regulatory context.

2

Complete the Online Questionnaire

Plain-language questions with examples. Pause anytime.

3

Instant Maturity View (Basic)

See your score, domain gaps, download 1-page summary.

4

Full Report & Debrief (Extended)

PDF report plus optional workshop with your team.

Built on Global Standards – Tailored for Real-World Use

Our Risk Maturity Model is not another "made up" score. It is mapped to globally recognised standards and guides, and refined through years of practical consulting work.

ISO 31000 – Risk Management

CMMI – Capability Maturity Model

C2M2 – Cyber Capability Model

ISO/IEC 42001 – AI Management System

NIST Cybersecurity Framework

APRA / ASIC guidance

What this means for you

  • Results align with regulatory & audit expectations

  • Easy to map to your current frameworks

  • A bridge between theory and real organisational practice

Who Uses the Risk Maturity Model?

Boards & Executives

  • Understand whether risk management is fit-for-purpose and EFFECTIVE !

  • Support risk appetite conversations with evidence

  • Prioritise investment in people, tools and controls

Internal Audit & Assurance

  • Use maturity as an input into the audit plan

  • Shift from control-by-control checking to capability-focused reviews

  • Provide combined assurance over the risk management framework

Risk & Compliance Leader

  • Benchmark current maturity and track uplift

  • Target limited resources on the most critical gaps

  • Support strategic project implementations and compliance priorities, such as FAR, CPS 230, CPS 234 etc

What You Get at the End

For Basic Assessment

  • Overall risk maturity score (0–7 or Ad hoc → Leading)

  • Domain-level RAG view (e.g. Governance, Process, Controls, Technology, Reporting, Resilience)

  • Top 5 recommended improvement actions

For Extended Assessment

  • maturity heatmap across 15+ domains and 35+ sub-domains

  • Written commentary on strengths, gaps and risks

  • Recommended improvement roadmap

  • Optional board / ARC slide pack

Download a Sample Extended Report →

Ready to Understand Your Risk Maturity?

Start with the free Basic Assessment or talk to us about a full Extended Assessment.

Start Basic Assessment →